April 21, 2015

NAFCU's Berger: Data security top challenge for CUs

NAFCU President and CEO Dan Berger will outline the top cyber- and data security challenges for credit unions and will provide legislative solutions during a hearing this morning before the House Small Business Committee in which he will serve as the only financial institutions witness.

Berger will testify before the panel alongside witnesses from Intel Security Group and the National Small Business Association. The hearing, "Small Business, Big Threat: Protecting Small Businesses from Cyber Attacks," will focus specifically on what Congress can do to help combat the increase in recent cyberattacks and data security breaches.

Berger will emphasize that credit unions and other financial institutions already protect consumers' personal data under the provisions of the 1999 Gramm-Leach-Bliley Act. He will note there is no comprehensive federal regulatory structure similar to GLBA for other entities, such as retailers, that handle sensitive personal and financial data. In a recent survey, NAFCU members said they spent $136,000 on data security measures in 2014, and that the estimated costs associated with merchant data breaches in 2014 were $226,000, on average, per credit union. Berger will also emphasize the devastating impact breaches can have on consumers and small businesses.

In addition, Berger will discuss the full range of concerns that could be addressed by federal legislation, including NAFCU's key data security principles for inclusion in any comprehensive cyber and data security measures.

NAFCU was the first financial trade organization to call for national data security standards for retailers in the wake of the 2013 Target data breach, and today's hearing is an opportunity to continue the push for legislative action on Capitol Hill.

NAFCU is a member of the Payments Security Task Force, a diverse group of participants in the payments industry that is driving a discussion on payments system security. NAFCU is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work on infrastructure cybersecurity.